linux_dsm_epyc7002/arch/x86/kvm
Andy Honig 9842df6200 KVM: MTRR: remove MSR 0x2f8
MSR 0x2f8 accessed the 124th Variable Range MTRR ever since MTRR support
was introduced by 9ba075a664 ("KVM: MTRR support").

0x2f8 became harmful when 910a6aae4e ("KVM: MTRR: exactly define the
size of variable MTRRs") shrank the array of VR MTRRs from 256 to 8,
which made access to index 124 out of bounds.  The surrounding code only
WARNs in this situation, thus the guest gained limited read/write
access to struct kvm_arch_vcpu.

0x2f8 is not a valid VR MTRR MSR, because KVM has/advertises only 16 VR
MTRR MSRs, 0x200-0x20f.  Every VR MTRR is set up using two MSRs; 0x2f8
was treated as a PHYSBASE and 0x2f9 would be its PHYSMASK, but 0x2f9 was
not implemented in KVM, therefore 0x2f8 could never do anything useful
and getting rid of it is safe.

This fixes CVE-2016-3713.

Fixes: 910a6aae4e ("KVM: MTRR: exactly define the size of variable MTRRs")
Cc: stable@vger.kernel.org
Reported-by: David Matlack <dmatlack@google.com>
Signed-off-by: Andy Honig <ahonig@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-18 18:04:32 +02:00
assigned-dev.c KVM: x86: use list_for_each_entry* 2016-02-23 15:40:54 +01:00
assigned-dev.h KVM: x86: move device assignment out of kvm_host.h 2014-11-24 16:53:50 +01:00
cpuid.c KVM: x86: mask CPUID(0xD,0x1).EAX against host value 2016-04-10 21:53:50 +02:00
cpuid.h KVM, pkeys: expose CPUID/CR4 to guest 2016-03-22 16:38:17 +01:00
emulate.c Merge branch 'core-objtool-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-03-20 18:23:21 -07:00
hyperv.c KVM: Hyper-V: do not do hypercall userspace exits if SynIC is disabled 2016-04-01 12:10:09 +02:00
hyperv.h kvm/x86: Hyper-V SynIC timers 2015-12-16 18:49:45 +01:00
i8254.c KVM: i8254: drop local copy of mul_u64_u32_div 2016-03-04 22:39:17 +01:00
i8254.h KVM: i8254: turn kvm_kpit_state.reinject into atomic_t 2016-03-04 09:30:25 +01:00
i8259.c KVM: x86: clean/fix memory barriers in irqchip_in_kernel 2015-07-30 16:02:56 +02:00
ioapic.c KVM: x86: Rename kvm_apic_get_reg to kvm_lapic_get_reg 2016-05-18 18:04:25 +02:00
ioapic.h kvm: x86: Track irq vectors in ioapic->rtc_status.dest_map 2016-03-03 14:36:18 +01:00
iommu.c kvm: rename pfn_t to kvm_pfn_t 2016-01-15 17:56:32 -08:00
irq_comm.c KVM: add missing memory barrier in kvm_{make,check}_request 2016-04-20 15:29:17 +02:00
irq.c KVM: x86: consolidate "has lapic" checks into irq.c 2016-02-09 16:57:39 +01:00
irq.h KVM: x86: consolidate different ways to test for in-kernel LAPIC 2016-02-09 16:57:45 +01:00
Kconfig KVM: x86: select IRQ_BYPASS_MANAGER 2015-10-01 15:06:52 +02:00
kvm_cache_regs.h KVM, pkeys: add pkeys support for permission_fault 2016-03-22 16:23:37 +01:00
lapic.c KVM: x86: make hwapic_isr_update and hwapic_irr_update look the same 2016-05-18 18:04:32 +02:00
lapic.h svm: Add VMEXIT handlers for AVIC 2016-05-18 18:04:29 +02:00
Makefile KVM: page track: add the framework of guest page tracking 2016-03-03 14:36:20 +01:00
mmu_audit.c kvm: rename pfn_t to kvm_pfn_t 2016-01-15 17:56:32 -08:00
mmu.c KVM: MMU: skip obsolete sp in for_each_gfn_*() 2016-04-20 15:29:17 +02:00
mmu.h KVM: MMU: fix permission_fault() 2016-04-10 21:53:49 +02:00
mmutrace.h tracing: Rename ftrace_event.h to trace_events.h 2015-05-13 14:05:12 -04:00
mtrr.c KVM: MTRR: remove MSR 0x2f8 2016-05-18 18:04:32 +02:00
page_track.c KVM: page_track: fix access to NULL slot 2016-03-22 17:27:28 +01:00
paging_tmpl.h KVM: MMU: fix permission_fault() 2016-04-10 21:53:49 +02:00
pmu_amd.c KVM: x86/vPMU: Fix unnecessary signed extension for AMD PERFCTRn 2015-08-11 15:19:41 +02:00
pmu_intel.c KVM: x86/vPMU: Define kvm_pmu_ops to support vPMU function dispatch 2015-06-23 14:12:14 +02:00
pmu.c KVM: x86: consolidate different ways to test for in-kernel LAPIC 2016-02-09 16:57:45 +01:00
pmu.h KVM: x86/vPMU: Define kvm_pmu_ops to support vPMU function dispatch 2015-06-23 14:12:14 +02:00
svm.c KVM: x86: make hwapic_isr_update and hwapic_irr_update look the same 2016-05-18 18:04:32 +02:00
trace.h svm: Add VMEXIT handlers for AVIC 2016-05-18 18:04:29 +02:00
tss.h
vmx.c KVM: x86: make hwapic_isr_update and hwapic_irr_update look the same 2016-05-18 18:04:32 +02:00
x86.c svm: Add VMEXIT handlers for AVIC 2016-05-18 18:04:29 +02:00
x86.h KVM, pkeys: add pkeys support for xsave state 2016-03-22 16:21:05 +01:00